From 9aaaaacfdac277ef2c409af1c99e8909a8e2077f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Boutemy?=
Date: Wed, 15 Mar 2023 08:21:53 +0100
Subject: [PATCH] fix code structure consistency
---
 .../cyclonedx/maven/BaseCycloneDxMojo.java | 29 ++++++++++---------
 .../org/cyclonedx/maven/CycloneDxMojo.java | 1 +
 .../cyclonedx/maven/CycloneDxPackageMojo.java | 1 +
 .../maven/ProjectDependenciesConverter.java | 2 +-
 4 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
index f73cf9ae..260fbe94 100644
--- a/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
+++ b/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java
@@ -36,7 +36,6 @@
 import org.cyclonedx.model.Component;
 import org.cyclonedx.model.Dependency;
 import org.cyclonedx.model.Metadata;
-import org.cyclonedx.model.Component.Scope;
 import org.cyclonedx.parsers.JsonParser;
 import org.cyclonedx.parsers.Parser;
 import org.cyclonedx.parsers.XmlParser;
@@ -263,23 +262,25 @@ public void execute() throws MojoExecutionException { if (includeTestScope) scopes.add("test"); final Metadata metadata = modelConverter.convert(project, analysis + " " + String.join("+", scopes), projectType, schemaVersion(), includeLicenseText); + final Component rootComponent = metadata.getComponent(); final String rootBomRef = projectIdentities.get(rootComponent.getPurl()); if (rootBomRef != null) { componentMap.remove(rootBomRef); metadata.getComponent().setBomRef(rootBomRef); } + projectDependenciesConverter.cleanupBomDependencies(metadata, componentMap, dependencyMap); - generateBom(analysis, metadata, componentMap, dependencyMap); + generateBom(analysis, metadata, new ArrayList<>(componentMap.values()), new ArrayList<>(dependencyMap.values())); } } - private void generateBom(String analysis, Metadata metadata, Map components, Map dependencies) throws MojoExecutionException { + private void generateBom(String analysis, Metadata metadata, List components, List dependencies) throws MojoExecutionException { try { getLog().info(String.format(MESSAGE_CREATING_BOM, schemaVersion, components.size())); final Bom bom = new Bom(); - bom.setComponents(new ArrayList<>(components.values())); + bom.setComponents(components); if (schemaVersion().getVersion() >= 1.1 && includeBomSerialNumber) { bom.setSerialNumber("urn:uuid:" + UUID.randomUUID()); @@ -287,7 +288,7 @@ private void generateBom(String analysis, Metadata metadata, Map= 1.2) { bom.setMetadata(metadata); - bom.setDependencies(new ArrayList<>(dependencies.values())); + bom.setDependencies(dependencies); } /*if (schemaVersion().getVersion() >= 1.3) { 
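Review bot: generateBom now hands the `components` and `dependencies` lists straight to `bom.setComponents(components)` and `bom.setDependencies(dependencies)`, so the copy that used to be made inside the method is now the caller's responsibility. The one call visible in execute() does wrap both maps in `new ArrayList<>(...)`, but nothing on the method states that expectation. I would add a comment above the signature, e.g. `// components and dependencies are stored in the Bom as passed; callers hand over a fresh copy`. The body of generateBom continues past these hunks.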
@@ -395,7 +396,7 @@ protected void populateComponents(final Map components, final final String purl = generatePackageUrl(artifact); final String identity = purlToIdentity.get(purl); if (identity != null) { - final Scope artifactScope = (dependencyAnalysis != null ? inferComponentScope(artifact, dependencyAnalysis) : null); + final Component.Scope artifactScope = (dependencyAnalysis != null ? inferComponentScope(artifact, dependencyAnalysis) : null); final Component component = components.get(identity); if (component == null) { final Component newComponent = convert(artifact); @@ -410,12 +411,12 @@ protected void populateComponents(final Map components, final } /** - * Infer BOM component scope based on Maven project dependency analysis. + * Infer BOM component scope (required/optional/excluded) based on Maven project dependency analysis. * * @param artifact Artifact from maven project * @param projectDependencyAnalysis Maven Project Dependency Analysis data * - * @return Component.Scope - Required: If the component is used (as detected by project dependency analysis). Optional: If it is unused + * @return Component.Scope - REQUIRED: If the component is used (as detected by project dependency analysis). OPTIONAL: If it is unused */ protected Component.Scope inferComponentScope(Artifact artifact, ProjectDependencyAnalysis projectDependencyAnalysis) { if (projectDependencyAnalysis == null) { 
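Review bot: The reworded Javadoc summary of inferComponentScope now lists required/optional/excluded, but the `@return` line still describes only REQUIRED and OPTIONAL. The visible start of the body tests `projectDependencyAnalysis == null`, and the following hunk's context shows a `return null;` that appears to close this method, so a null result looks possible and is not documented. I would extend the tag along the lines of `@return Component.Scope - REQUIRED if used, OPTIONAL if unused, or null when the scope cannot be inferred`, and state when EXCLUDED is returned, if it ever is. Most of the method body lies outside the hunk, so the exact conditions need confirming against the full file.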
@@ -440,22 +441,22 @@ protected Component.Scope inferComponentScope(Artifact artifact, ProjectDependen return null; } - private Scope mergeScopes(final Scope existing, final Scope project) { + private Component.Scope mergeScopes(final Component.Scope existing, final Component.Scope project) { // If scope is null we don't know anything about the artifact, so we assume it's not optional. // This is likely a result of the dependency analysis part being unable to run. - final Scope merged; + final Component.Scope merged; if (existing == null) { - merged = (project == Scope.REQUIRED ? Scope.REQUIRED : null); + merged = (project == Component.Scope.REQUIRED ? Component.Scope.REQUIRED : null); } else { switch (existing) { case REQUIRED: - merged = Scope.REQUIRED; + merged = Component.Scope.REQUIRED; break; case OPTIONAL: - merged = (project == Scope.REQUIRED || project == null ? project : existing); + merged = (project == Component.Scope.REQUIRED || project == null ? project : existing); break; case EXCLUDED: - merged = (project != Scope.EXCLUDED ? project : Scope.EXCLUDED); + merged = (project != Component.Scope.EXCLUDED ? project : Component.Scope.EXCLUDED); break; default: merged = project; diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java index 316a35ee..0a38fc31 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java +++ b/src/main/java/org/cyclonedx/maven/CycloneDxMojo.java @@ -106,6 +106,7 @@ protected String extractComponentsAndDependencies(final Map c projectIdentities.put(projectBomComponent.getPurl(), projectBomComponent.getBomRef()); populateComponents(components, getProject().getArtifacts(), projectPUrlToIdentity, doProjectDependencyAnalysis(getProject())); + dependencies.putAll(projectDependencies); return "makeBom"; 
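Review bot: In mergeScopes the EXCLUDED branch, `merged = (project != Component.Scope.EXCLUDED ? project : Component.Scope.EXCLUDED);`, always evaluates to `project`, so the ternary only obscures the rule. `merged = project;` with a comment such as `// any project-level value, including null (unknown), replaces EXCLUDED` says the same thing plainly. Because the merged value presumably ends up as the component scope written to the BOM, a short Javadoc stating the precedence (REQUIRED wins, null means unknown) would also help readers of the generated SBOM. The end of the method, after `default:`, is outside the hunk.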
diff --git a/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java b/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java index 5e3d1fca..2adc4cce 100644 --- a/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java +++ b/src/main/java/org/cyclonedx/maven/CycloneDxPackageMojo.java @@ -77,6 +77,7 @@ protected String extractComponentsAndDependencies(Map compone projectIdentities.put(projectBomComponent.getPurl(), projectBomComponent.getBomRef()); populateComponents(components, mavenProject.getArtifacts(), projectPUrlToIdentity, null); + dependencies.putAll(projectDependencies); } diff --git a/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java b/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java index 9f7485d3..213dc358 100644 --- a/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java +++ b/src/main/java/org/cyclonedx/maven/ProjectDependenciesConverter.java @@ -44,7 +44,7 @@ public interface ProjectDependenciesConverter { * The map will be modified to reflect the distinct names, with references and the map keys * being updated. */ - void normalizeDependencies(final CycloneDxSchema.Version schemaVersion, final Map dependencies, final Map purlToIdentity) ; + void normalizeDependencies(CycloneDxSchema.Version schemaVersion, Map dependencies, Map purlToIdentity) ; /** * Check consistency between BOM components and BOM dependencies, and cleanup: drop components found while walking the